7.2

CVE-2006-4447

EPSS 0.18%
Veröffentlicht 30.08.2006 01:04:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

X.Org ≫ Emu-linux-x87-xlibs Version7.0_r1

X.Org ≫ X11r6 Version6.7.0

X.Org ≫ X11r6 Version6.8

X.Org ≫ X11r6 Version6.8.1

X.Org ≫ X11r6 Version6.8.2

X.Org ≫ X11r7 Version1.0

X.Org ≫ X11r7 Version1.0.1

X.Org ≫ X11r7 Version1.0.2

X.Org ≫ Xdm Version1.0.3

X.Org ≫ Xf86dga Version1.0.0

X.Org ≫ Xinit Version1.0.2_r5

X.Org ≫ Xload Version1.0.0

X.Org ≫ Xorg-server Version1.02_r5

X.Org ≫ Xterm Version214

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.394

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://mail.gnome.org/archives/beast/2006-December/msg00025.html

http://secunia.com/advisories/25032

http://secunia.com/advisories/25059

http://security.gentoo.org/glsa/glsa-200704-22.xml

http://www.securityfocus.com/bid/23697

http://www.vupen.com/english/advisories/2007/0409

http://secunia.com/advisories/22332

http://www.debian.org/security/2006/dsa-1193

http://lists.freedesktop.org/archives/xorg/2006-June/016146.html

Patch

http://secunia.com/advisories/21650

Patch

Vendor Advisory

http://secunia.com/advisories/21660

http://secunia.com/advisories/21693

http://security.gentoo.org/glsa/glsa-200608-25.xml

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/300368

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2006:160

http://www.securityfocus.com/bid/19742

http://www.vupen.com/english/advisories/2006/3409

https://nvd.nist.gov/vuln/detail/CVE-2006-4447

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4447

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4447

EUVD